a_bertrand

Not sure I understood the problem. What doesn't work exactly?

As this question is not new, I made my own trials... of course you can do the same on your side and get different results:   <?PHP include "../rpg/config.php"; include "../rpg/db_conn.php"; include "../rpg/misc_util.php"; function getmicrotime() { list($usec, $sec) = explode(" ",microtime()); return ((float)$usec + (float)$sec); } function read_db_entry($db,$sql) { $res=array(); $r=mysql_query($sql,$db->conn); if($r === false) { echo "BAD Query: $sql"; return null; } $res=mysql_fetch_assoc($r); mysql_free_result($r); if($res === false) return array(); return $res; } for($j=0;$j < 9;$j++) { echo "--------------------------------\n"; $start=getmicrotime(); for($i=0;$i < 1000;$i++) { $val=read_db_entry($db,"SELECT * FROM PLAYER ORDER BY ID LIMIT ".mt_rand(0,1000).",1"); } $end=getmicrotime(); echo "Time: ".($end-$start)."\n"; echo "Columns: ".count($val)."\n"; $start=getmicrotime(); for($i=0;$i < 1000;$i++) { $val=read_db_entry($db,"SELECT ID,USERNAME,PASSWORD FROM PLAYER ORDER BY ID LIMIT ".mt_rand(0,1000).",1"); } $end=getmicrotime(); echo "Time: ".($end-$start)."\n"; echo "Columns: ".count($val)."\n"; } ?>   Result: -------------------------------- Time: 1.744500875473 Columns: 109 Time: 1.4345109462738 Columns: 3 -------------------------------- Time: 2.1714589595795 Columns: 109 Time: 1.9231040477753 Columns: 3 -------------------------------- Time: 2.2312161922455 Columns: 109 Time: 2.1061990261078 Columns: 3 -------------------------------- Time: 2.3801500797272 Columns: 109 Time: 2.0650768280029 Columns: 3 -------------------------------- Time: 1.9368641376495 Columns: 109 Time: 1.992063999176 Columns: 3 -------------------------------- Time: 2.2415399551392 Columns: 109 Time: 1.9894790649414 Columns: 3 -------------------------------- Time: 2.061381816864 Columns: 109 Time: 2.028737783432 Columns: 3 -------------------------------- Time: 2.2158668041229 Columns: 109 Time: 2.127660036087 Columns: 3 -------------------------------- Time: 2.2819759845734 Columns: 109 Time: 2.0801141262054 Columns: 3   So... as you can see, there is just a LITTLE difference between the two... using a 1000 loop. Now... Does it make any difference in real life? Well yes and no. If you are sure you will NOT need any of the other columns, then maybe, if not, then MUCH better to read once all the columns, and keep them into an array and use it during your page load. Also think that if MySQL find the exact same query, it may cache both the query and the result. Which means 2x the same query will be much faster than something which varies all the time.

Well the next step is creating a SMF plug-in for it, after this we will contact the IRC networks to be recognized and allow more than 4 connections per network (Ipoc already granted us) and then we will start with the advertisement. Once this is done, I do have still some ideas in mind, like allowing you to have your own scripts reacting to some commands, or adding new menu. I must check how to do it, as certainly I will not allow full JS access or whatever. So it will be like a new scripting language which will then be run by JS. Also a question: how many of you would prefer some sort of "embedded" sub windows (like child windows) instead of the current tabs? The advantage would be that you can chat on multiple channels at the same time (inside 1 server, you would still need those server tabs at the moment). If some of you are interested, then we could offer it as an option.

Servers are not free. You need to pay for the hardware, and the Internet connection and/or traffic. Even if you already have a server and you put a second project (or 3rd or 4th) at some point those projects will start to use your server resources, and for that they need to have some entries. Plain donation is not something which work well normally.

Yes lord of ultimatium has a nice feeling from the login page. What I'm interested in, is to see how they will pay back their bills. Limited free version? Payed add-on? As for sure they will not run on ads.

We are pleased to show the first public version of our latest project: http://www.wsirc.com wsIrc is a web IRC client (like mibbit), and is free to integrate within any website. You may use it as you want, and connect to any IRC server / network. The main advantage of wsIrc over mibbit: - You may fully customize the color scheme used by wsIrc (to reflect at best your own website) - We offer a mobile interface to be able to chat from an IPhone or a windows smartphone for example (http://www.wsirc.mobi). - We integrate all the channel operation needed for a channel operator, like ban, kick, channel settings, and much more. Also, as we are developing this, we are also open to your wishes, bug reports, comments.

Well it's not because they release a couple of web sites that nobody else will be able to make their game. Of course we cannot compete... but still some people may like ours better.

I fully understood you, and yes I pay about 50 cents for a player which stays at least a week. But as you said, my site is somewhat special, and the stats there don't apply on all sites. For example I do have players which are here since 5 years. No kidding.

my 50 cents are about what your 5$ are I believe. If a player is not active after the first days, the account is deleted, so it's about the same stat you get. (means 50 cents for a new active player)

Ooo ok, then I didn't read correctly the question... it was a cost to keep the server running (my answer). For advert, I do pay normally something like 50 cents per new player.

We have currently like with a price of 17 Cents / year per active user (users which actively play, as we delete inactive players after while)

No you cannot change anything with firebugs. It will just change for the person which is actually trying to do things with firebugs and nobody else.

Yes cookies are stored on the player/user computer, however the browser send them for EACH requests (page, images, js, css files and whatever else) its doing. So if you store the cookie containing a plain password, everyone between the server and the player will be able to see it with packet sniffing tools (tools like that: http://www.wireshark.org/). There is 2 ways to solve that: - Use HTTPS where nothing is passed in plain text. - Encrypt data (either with an asymmetric key, or store them into an hash). The first option is the easiest to implement and it's the one used by banks, paypal and others. For the second one, you can check the zap engine, and see how I implemented it.

Well I work like that generally: if there is interest I will continue to support. So far there is mild interest, so maybe I will add a few things on top, but I don't think I will go that much further unless there is somebody picking for his/her own game.

Well I can answer openly here: Some owners (if not most) are scared that you will steal away players. As easy as that. Now let me explain something to everyone, first of all players don't stay glued on one game because they don't find anything else to play with. If they stay on one game it's because they appreciate it. So sharing links of other games for me is not a problem. I do allow it even in the chat, or in my forums (as long as it's not starting to be spam). If they like your game better than mine, then it's my fault that I didn't made a game good enough, and nothing else. Another problem is that many if not all of the mc game owners are kids, and don't understand how to make a game which is not just a copy cat of others, and of course in this situation you are scared that people may move away. On my case, I don't think there is many games in my category, nor that would be a real problem for me. I do try to do my best, and have fun, if others like it, fine, if not then well... too bad.

Well basically what I saw is the following: Unless a full table row is REALLY huge, doing a select * is not much slower (if even slower) than a select a,c,e,z From my point of view, this make sense as the database will need to somehow read the row basically.... and just give you the data back you asked. Also, if your queries changes all the time, it would not be possible to MySQL to cache the query results. Therefore you could even have worse results. On the other side, if you need to transfer the query over the network, all bytes counts, and therefore returning just what you need is faster. As always, don't trust my words, do some checks by yourself and tell me if you get different results.

As I already stated to Zerro in the chat, this would in principle have some impact if your web server and mysql server are 2 different machines. However on the same machine (as most of the setups are), you don't really see much of difference, if any. At least that's what I saw from my own experiences.

indeed proxy could be used... However I blocked them not long ago by doing some sort of port scan from the server to the host which call me. Therefore proxies are defeated. However nothing is really safe, and if somebody is smart / good enough and is willing to spend the time, he/she may find ways around any kind of security. The only real secure things then, end up by using devices which generate codes based on some algo and the time, and every 60 sec they change. So you would need to use the same secure device to be able to log + your username and password.

No you can keep it, simply it's not something that... bland. On the other site, site owners should limit the number of trials a given IP could do in a given time. I allow 4 in 15min, which means after 4 trials you will have to wait 15 min before being able to check another password. That makes basically this kind of attack useless.

Only if it's offered within the PHP language, as you cannot normally load loadable PHP modules just for yourself.

mmm... not sure it's a smart tool to give away here...

From wikipedia: ---------------------------------------- Copyright issues Some companies believe the use of screenshots is an infringement of copyright on their program, as it is a derivative work of the widgets and other art created for the software.[5][6] Regardless of copyright, screenshots may still be legally used under the principle of fair use in the U.S. or fair dealing and similar laws in other countries.[7][8] ---------------------------------------- For me it's not illegal to point to what somebody would like to have as look & feel, as long as the result will not be using any of the art previously used. Sorry, but the first black back grounded website could then also sue you as you used the same background. I therefore see no reason to remove the screen shots.

simply add a salt inside the sha1 or md5 and you are up and running: md5("mysalt"+password); this mysalt could be system wise (stored somewhere privately) or, could be some sort of algorithm like sha1(sha1(userid)+password); With something like that, it will be impossible to find the right password out of the hash functions (or nearly impossible). Now, of course if you brute force, you will be able to find something which produce the same hash code, and therefore will allow you to enter.

Then I didn't understood the problem :D

I have yet to see google using flash menu... maybe in some of the tools I never used, but I think they mainly use HTML and some times JS (like for the maps). Flash menu are not really my piece of cake, nor flash based websites. I would personally use flash only if there is no other options, like to have a good sound library, or produce vectorial art on the fly like for graphs or others.